Fix: mise en fonction de la vrification des droits d'accs users, clients et commerciaux
This commit is contained in:
Regis Houssin
parent
3a2ae56973
commit
e74e832489
@ -32,19 +32,8 @@ require("pre.inc.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/comm/adresse_livraison.class.php");
|
||||
|
||||
$user->getrights('societe');
|
||||
$user->getrights('commercial');
|
||||
|
||||
$langs->load("companies");
|
||||
$langs->load("commercial");
|
||||
|
||||
if (! $user->rights->societe->creer)
|
||||
{
|
||||
if ($_GET["action"] == 'create' || $_POST["action"] == 'create')
|
||||
{
|
||||
accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
$idl = isset($_GET["idl"])?$_GET["idl"]:'';
|
||||
$origin = isset($_GET["origin"])?$_GET["origin"]:'';
|
||||
@ -52,29 +41,8 @@ $originid = isset($_GET["originid"])?$_GET["originid"]:'';
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
if (! $socid && ($_REQUEST["action"] != 'create' && $_REQUEST["action"] != 'add' && $_REQUEST["action"] != 'update')) accessforbidden();
|
||||
|
||||
// Sécurité accés client
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$_GET["action"] = '';
|
||||
$_POST["action"] = '';
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'societe', $socid);
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -29,14 +29,8 @@
|
||||
|
||||
require("./pre.inc.php");
|
||||
|
||||
if (!$user->rights->societe->lire) accessforbidden();
|
||||
|
||||
// Sécurité accés client
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$action = '';
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'societe');
|
||||
|
||||
$page=$_GET["page"];
|
||||
$sortorder=$_GET["sortorder"];
|
||||
|
||||
@ -41,21 +41,11 @@ if ($page < 0) { $page = 0 ; }
|
||||
$limit = $conf->liste_limit;
|
||||
$offset = $limit * $page ;
|
||||
|
||||
$socid=$_GET["socid"];
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
$type=$_GET["type"];
|
||||
|
||||
|
||||
/*
|
||||
* Sécurité accés client
|
||||
*/
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$action = '';
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
if (!$user->rights->societe->lire) accessforbidden();
|
||||
|
||||
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'societe');
|
||||
|
||||
llxHeader('','Contacts');
|
||||
|
||||
|
||||
@ -44,30 +44,10 @@ $langs->load("bills");
|
||||
$langs->load("contracts");
|
||||
if ($conf->fichinter->enabled) $langs->load("interventions");
|
||||
|
||||
$user->getrights("commercial");
|
||||
if (!$user->rights->societe->lire) accessforbidden();
|
||||
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
if ($socid == '') accessforbidden();
|
||||
|
||||
// Protection quand utilisateur externe
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc, s.client";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
|
||||
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1";
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'societe', $socid);
|
||||
|
||||
$sortorder=$_GET["sortorder"];
|
||||
$sortfield=$_GET["sortfield"];
|
||||
|
||||
@ -39,7 +39,7 @@ $mesg = "";
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'commercial', $socid, 'societe');
|
||||
$socid = restrictedArea($user, 'societe', $socid);
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -1254,13 +1254,15 @@ function dol_loginfunction($notused,$pearstatus)
|
||||
* \param objectid ID du document
|
||||
* \param dbtable Table de la base correspondant au module (optionnel)
|
||||
*/
|
||||
function restrictedArea($user, $modulename, $objectid='' , $dbtablename='')
|
||||
function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list=0)
|
||||
{
|
||||
global $db;
|
||||
|
||||
$user->getrights($modulename);
|
||||
$user->getrights('commercial');
|
||||
|
||||
$socid = 0;
|
||||
if ($modulename == 'societe' && $objectid) $socid = $objectid;
|
||||
|
||||
//si dbtable non défini, même nom que le module
|
||||
if (!$dbtable) $dbtablename = $modulename;
|
||||
@ -1283,7 +1285,7 @@ function dol_loginfunction($notused,$pearstatus)
|
||||
$_POST["action"] = '';
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
|
||||
if ($objectid)
|
||||
{
|
||||
if ($modulename == 'societe' && !$user->rights->commercial->client->voir && !$socid > 0)
|
||||
@ -1292,7 +1294,7 @@ function dol_loginfunction($notused,$pearstatus)
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql .= " WHERE sc.fk_soc = ".$objectid." AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
else if ($objectid && (!$user->rights->commercial->client->voir || $socid > 0))
|
||||
else if (!$user->rights->commercial->client->voir || $socid > 0)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc, dbt.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt";
|
||||
@ -1312,6 +1314,10 @@ function dol_loginfunction($notused,$pearstatus)
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (!$objectid && $modulename == 'societe' && $list==0)
|
||||
{
|
||||
accessforbidden();
|
||||
}
|
||||
return $socid;
|
||||
}
|
||||
|
||||
|
||||
@ -37,7 +37,7 @@ $langs->load("customers");
|
||||
$langs->load("suppliers");
|
||||
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'societe');
|
||||
$socid = restrictedArea($user, 'societe','','',1);
|
||||
|
||||
$search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"];
|
||||
$search_ville=isset($_GET["search_ville"])?$_GET["search_ville"]:$_POST["search_ville"];
|
||||
|
||||
@ -35,28 +35,11 @@ $action = isset($_GET["action"])?$_GET["action"]:$_POST["action"];
|
||||
|
||||
$langs->load("companies");
|
||||
|
||||
$user->getrights('commercial');
|
||||
|
||||
// Protection quand utilisateur externe
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:$_POST["socid"];
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc, s.client";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
|
||||
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1";
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'societe', $socid);
|
||||
|
||||
if ($_POST["action"] == 'add')
|
||||
{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user